Data security used to be primarily about physically controlling where information was stored. But over the last few years the move towards greater use of mobile devices and increasing reliance on email for business communication has made securing information much more of a challenge.
The solution many organizations have turned to is encryption, particularly for emails, but is this the answer? Cloud collaboration specialist Open-Xchange is launching OX Guard, a fully integrated email security and encryption add-on to its OX App Suite.
Since a cache of nude photos of celebrities appeared online, Apple has remained fairly tight-lipped about what may or may not have happened. Right from the start rumors were flying around that Apple's iCloud service may have been comprised or that Find My iPhone may have been to blame. The company said that it was "actively investigating" the suggestions but then things went quiet again. The FBI became involved, but it has been a frustrating 48 hours for anyone trying to find out what happened. Now Apple has issued a statement making it clear that a security attack did indeed take place.
Entitled Update to Celebrity Photo Investigation the statement reads:
The leaking of celebrity photos which may have come from iCloud is just the latest in a series of high profile security and privacy breaches that are leading many people to question how safe their data is online.
For those who have decided enough is enough, secure transaction specialist Imprima has produced an infographic guide to "unfriending the internet" which covers how to take your personal profiles off the main social networking sites.
In case you haven't heard of Yo, it's the latest breakout mobile app to go viral. Despite its single-feature capability, or perhaps because of it, the app struck a chord and rocketed to the top of Apple's App Store. Even Yo's own developers describe the app as "a fine line between stupid and genius".
While Yo was basking in the unexpected spotlight at the top of the apps chart, the next thing that happened was also unexpected. Yo got hacked. Three college students exploited a way into the app, snagged 300,000 Yo users and engaged in message spoofing. Yet Yo is hardly the first app, nor will it be the last, to get hacked.
The Internet is buzzing about celebrity nude photos pilfered from iCloud. The problem is bigger than Apple's security, if breached, which I doubt. Behavior is the larger concern, and how people adapt during the contextual cloud computing era. If your phone automatically syncs pictures or videos to any cloud service -- Google Photos, iCloud, OneDrive, or another -- you must assume that nothing is private.
That personal nude video you shoot on the HandyCam is very different from the one taken on Galaxy S5, iPhone 5s, or another device. I should be stating the obvious, but given pervasive attitudes about the Internet -- where people feel safe browsing in the sanctity of their domicile or WiFi coffee shop -- carelessness must be the presumption. These leaked celeb nudes, if real rather than Photoshopped, are good example. Simple rule: Don't shoot any photos or videos on a cloud-connected device you don't want everyone to see.
It's been a bad month for Mozilla, as the company seems to be shedding user data left and right. The problems are apparently not over as new information has come to light regarding the loss of another 97,000 emails and passwords that were left exposed.
The latest issue comes via Bugzilla, and the organization has reset all user passwords in an attempt to alleviate the issues. However, that didn't stop customer data from being exposed for about three months.
Whether you're concerned about security, or just hoping to optimize your PC’s performance, understanding what's accessing your internet connection can be very helpful.
Network monitors will tell you more, but they're often targeted at experts, weighed down with complex details which -- even if you understand them entirely -- you may not really need. GlassWire is an interesting free network monitor aimed at a more general audience. It’s easy to use, looks great and provides in-depth reports, but they’re easy to follow and focus on only the most important information.
Next-Generation Firewalls (NGFWs) are a foundational component for many traditional network security strategies. While nothing is technically wrong with today's NGFWs, much is wrong with the approach. Most solutions in the market today do exactly as advertised -- combine traditional packet filtering with some application control and rudimentary IPS layered on top. While these capabilities are still important, traditional NGFWs were designed for a more simple time, before advanced threats began burrowing into enterprises through new and innovative means.
Today's sophisticated attacks leverage an array of threat vectors that can take endless form factors. We are now seeing attacks that we couldn't have anticipated just a few years ago. The traditional network security approaches in place to address these challenges have been built from disparate point technologies, amounting to considerable complexity, that create gaps in these defenses that attackers exploit.
Today Dropbox Pro users gain access to a raft of new features including automatically expiring shared links, password-protected sharing, and adjustable permissions. In recent times, Dropbox has moved away from being just a simple cloud storage platform into a cloud-based collaboration tool. Password-protected files sharing is the first line of security that's now available, but it has been bolstered by the ability to have the share automatically stop after a set period. This is something that is particularly useful for sensitive data, and is a helpful addition to the manual disabling of a shared link -- a set-it-and-forget-it option.
Catching up with other file collaborative tools, Dropbox Pro now also takes into account the fact that you might want to share files with others without giving them the option to edit those files. The new ability to add view-only permissions to files and folders has this covered so it is possible to share sensitive files without worrying about them being changed. For anyone using Dropbox on mobile devices, there is always the fear of losing a handset; a new remote wipe feature takes care of this.
It's a fact that most software has bugs of some sort when it gets released. More significant are fundamental flaws in the design, yet whilst bugs generally get fixed, design flaws are often overlooked.
In an effort to address this professionals organization IEEE is bringing together leading figures from Google, HP, Twitter and Cigital to form a Center for Secure Design group with the aim of tackling serious design flaws in software.
A new survey sponsored by HP's TippingPoint network security arm looks at the main information security concerns of modern enterprises.
It reveals that 69 percent of IT professionals have to deal with phishing attacks at least once a week, with customer and financial data the main targets. The survey also finds that seven out of 10 attacks originating from inside the network come from a malware infected machine.
As you're almost certainly aware if you're a PlayStation owner, this weekend saw an attack mounted on the PlayStation Network which took it down for a large chunk of time.
But PSN wasn't the only gaming service to get bombarded by DDoS (distributed denial of service) attacks this weekend, and indeed, other attacks are continuing right now -- courtesy of the so-called Lizard Squad, a "hacktivist" group which is enjoying its time in the media limelight. (Though note that another hacker from Anonymous claimed responsibility for the PSN attack, so it's unclear exactly what went on in that case.)
The effects of Edward Snowden's revelations about the activities of the NSA continue to be felt. Internet users are now familiar with the idea that what they do online is possibly (probably?) being monitored in one way or another. Some users have taken to the likes of Tor in a bid to increase security and anonymity, but there has also been a more interesting side-effect. Figures released by "nonpartisan fact tank" the Pew Research Center suggests that a "spiral of silence" has developed as Americans start to censor themselves online.
The research group conducted a survey of more than 1,800 people in the middle of last year and found that while most people (86 percent) were quite happy to talk about state surveillance in person, less than half (41 percent) were willing to do so on Twitter (itself involved in censorship). This self-censorship is an interesting repercussion of the NSA's activities, and it seems that social network users have been hardest hit:
In California, a bill has been passed that will require smartphone manufacturers to include a kill switch in their handsets. The bill states that "any smartphone, as defined, that is manufactured on or after July 1, 2015, and sold in California after that date, include a technological solution at the time of sale, which may consist of software, hardware, or both software and hardware, that, once initiated and successfully communicated to the smartphone, can render inoperable the essential features, as defined, of the smartphone to an unauthorized user when the smartphone is not in the possession of an authorized user". It's a lengthy description, but it means the kill switch that many people have been asking for for so long is becoming a reality in another state.
This is not the first time a kill switch bill has been passed -- Minnesota did something similar back in May. The SB 926, Leno Smartphones bill in California is rather more far-reaching and comes partly in response to the statistic that between 30 and 40 percent of robberies in major US cities are smartphone robberies. Once activated, the kill switch will prevent a phone from being registered on a wireless network, and cannot be bypassed even with a hard reset. In the event of theft, a user will also be able to remotely wipe their device to protect any private information they may have stored on it.
Embracing the digital revolution is unavoidable for businesses. It has brought great advantages with it too, such as anytime, anywhere communications and the storage of vital and personal information for use in our work and personal lives. It has also provided greater flexibility in where and how we work and communicate, making things much easier for us.
However, it is important to acknowledge security aspects when evaluating mobility policies in particular. Cyber attacks are on the increase and will continue in their complexity and frequency. We hear about serious breaches on a daily basis. This can range from password leaks or mobile phone hacks to international scale bugs. I often find that in the corporate world, many recognize the threats but fail to implement any strategy, let alone take tangible action. The good news is that there are steps that can be taken by businesses to drastically improve mobile security.